Attack
Once reconnaissance has been completed, exploitation must be carried out to provide a proof of concept. If the attack is being performed as part of a red team engagement or a wider assessment, then exploitation should be performed so as to gain access to the network as surreptitiously as possible.
In our attacking phase, we will explore the following:

- Cracking the encryption
- Attacking the infrastructure
- Compromising clients
- Finding vulnerable clients
- Finding unauthorized clients

Cracking the encryption
The first step is to retrieve the keys for any vulnerable networks identified. If networks with WEP exist, perform the WEP-cracking methods explained in Chapter 4, WLAN Encryption Flaws. If WPA2-secured systems are present, you have two choices. If aiming to be stealthy, arrive on-site at times when individuals are likely to be authenticating or re-authenticating. These times are likely to be:

- Start of the day
- Lunch time
- End of the day

At this time, set up your WPA key retrieval setup as shown in Chapter 4, WLAN Encryption...